[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #7265 [Firefox Patch Issues]: Only display Canvas message for first parties; simply log third parties



#7265: Only display Canvas message for first parties; simply log third parties
-------------------------------------+-------------------------------------
     Reporter:  mikeperry            |      Owner:  mikeperry
         Type:  enhancement          |     Status:  needs_review
     Priority:  major                |  Milestone:
    Component:  Firefox Patch        |    Version:
  Issues                             |   Keywords:  tbb-fingerprinting,
   Resolution:                       |  tbb-bounty, TorBrowserTeam201408,
Actual Points:                       |  MikePerry201408R
       Points:                       |  Parent ID:
-------------------------------------+-------------------------------------

Comment (by isis):

 Replying to [comment:19 isis]:
 > I've tested it, and I think it still needs revision, as
 {{{firstPartySpec.get()}}} and {{{docSpec.get()}}} always seem to produce
 the ''same'' value (at least in the ~10 websites I tested). I know that
 some of these are third party scripts trying to access the canvas, and
 others are possibly third party sourced into the first party's domain,
 others are first party... meaning that this patch as it stands is unable
 to detect the difference, and users are still shown the HTML5 canvas
 permissions popup.

 I fiddled with this over the weekend, trying to produce some C++ object
 which would tell me the location of the script which triggered the HTML5
 canvas data access popup, and I produced a nasty thing that casts to a
 `nsJSPrinciple`... in the end it produced the same URIs as
 `firstPartySpec.get()` and `docSpec.get()`.

 I don't know my way around Firefox's crazy C++ yet. Please halp?!?!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7265#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs